vars: add config for RedHat/CentOS 8

besides dropping the deprecated Sandbox option, set `GSSAPICleanupCredentials no` since that's what I have on a fresh installation of CentOS 8.
2024-11-22 11:00:19 +01:00 · 2019-10-14 14:48:03 +02:00 · 2019-10-14 14:48:03 +02:00 · 90b19f3b7c
commit 90b19f3b7c
parent 6be10a2d17
1 changed files with 28 additions and 0 deletions
--- a/vars/RedHat_8.yml
+++ b/vars/RedHat_8.yml
@ -0,0 +1,28 @@
+---
+__sshd_packages:
+  - openssh
+  - openssh-server
+__sshd_sftp_server: /usr/libexec/openssh/sftp-server
+__sshd_defaults:
+  HostKey:
+    - /etc/ssh/ssh_host_rsa_key
+    - /etc/ssh/ssh_host_ecdsa_key
+    - /etc/ssh/ssh_host_ed25519_key
+  SyslogFacility: AUTHPRIV
+  AuthorizedKeysFile: .ssh/authorized_keys
+  PasswordAuthentication: yes
+  ChallengeResponseAuthentication: no
+  GSSAPIAuthentication: yes
+  GSSAPICleanupCredentials: no
+# Note that UsePAM: no is not supported under RHEL/CentOS. See
+# https://github.com/willshersystems/ansible-sshd/pull/51#issuecomment-287333218
+  UsePAM: yes
+  X11Forwarding: yes
+  PrintMotd: no
+  AcceptEnv:
+    - LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
+    - LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
+    - LC_IDENTIFICATION LC_ALL LANGUAGE
+    - XMODIFIERS
+  Subsystem: "sftp {{ sshd_sftp_server }}"
+__sshd_os_supported: yes